GovCERT.HK - Security Alert (A15-04-08): Multiple Vulnerabilities in Adobe Flash Player

Description:

Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities that could be exploited to cause arbitrary code execution, security restrictions bypass, or information disclosure.

To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file or document that supports embedded Flash content.

Reports indicate that one of the vulnerabilities is being actively exploited in the wild.

Affected Systems:

Adobe Flash Player Desktop Runtime 17.0.0.134 and earlier versions for Windows and Macintosh
Adobe Flash Player Extended Support Release 13.0.0.277 and earlier versions for Windows and Macintosh
Adobe Flash Player 17.0.0.134 and earlier versions in Chrome for Windows, Macintosh and Linux
Adobe Flash Player 17.0.0.134 and earlier versions in Internet Explorer 10 and 11 for Windows 8 and 8.1
Adobe Flash Player 11.2.202.451 and earlier versions for Linux

Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, security restrictions bypass, information disclosure or potentially take control of the affected system.

Recommendation:

The product vendor has released updated versions of Adobe Flash Player to address the issues. The corresponding updates for Adobe Flash Player can be obtained by using the auto-update mechanism or by downloading at the following URLs:

Adobe Flash Player Desktop Runtime 17.0.0.169 for Windows and Macintosh
http://www.adobe.com/go/getflash
Adobe Flash Player Desktop Runtime 17.0.0.169 for Windows and Macintosh (network distribution)
http://www.adobe.com/products/players/flash-player-distribution.html
Adobe Flash Player Extended Support Release 13.0.0.281
http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
Adobe Flash Player 11.2.202.457 for Linux
http://www.adobe.com/go/getflash
Adobe Flash Player 17.0.0.169 for Chrome
http://googlechromereleases.blogspot.com/
Adobe Flash Player 17.0.0.169 for Internet Explorer 10 and 11
https://support.microsoft.com/en-us/kb/3049508

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser. To verify the version of Flash player installed, you may visit the following URL:

http://www.adobe.com/software/flash/about/

More Information:

https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
https://www.hkcert.org/my_url/zh/alert/15041512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044

Tag: Adobe , Flash Player